Social Engineering

Ever wondered how people got trapped in frauds like paying on some fake website which looks almost similar to the original one or clicking on some link that takes away all your money from the bank. Well, this is not at all any magic that they perform but a well planned attack which in technical terms is called as social engineering attack.This website is gonna help you to get aware of most of these attacks so that you can’t be the next victim of hackers.

What is Social Engineering?

You can find best answers on google for this in technical terms, however, the simplest answer can be like it is a kind of human mind or psychology hacking. We have already seen this as an art where artist guesses number or name in your mind but getting your sensitive data(like password,bank details etc) out of your mind for illegal purpose makes it a crime that’s what these hackers do. Even the greatest hacker of all time Kevin D. Mitnick has said there’s nothing that can’t be hacked with social engineering.

So basically what a social engineer is doing is winning your trust here and letting you do what he wants. And here you got hacked.

Let’s understand with some example:

Suppose you are an employee of a company and you need to show your identity card and also you need to pass a door with a biometric lock.Now how will a hacker get into the company? Here he can use you.Yes you. He will make a fake identity card which looks similar to yours(by information gathering technique).Then he will carry bags in both of his hands to seem like a helpless person.Then you will see that he is wearing identity card and think he must be an employee of your company, and its human nature to help a helpless person thus you will open door for him and he is in.

On the phone, social engineers might call and pretend to be a fellow employee or a trusted outside authority (such as law enforcement or an auditor).

Online, Social networking sites have made social engineering attacks easier to conduct. Today’s attackers can go to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed information that can be used to further an attack.

Attack Cycle

People easily get facilitated with some attractive things like beauty , profit etc shown over the digital world which in actuality is a trap. In the digital world it is necessary for every professional, businessman and student to see both positive and negative aspects of anything related to technology. So let’s understand the attack cycle of social engineering.

1.INVESTIGATION

The very first phase of attack where the attacker prepares the ground for attack. In this they will choose the victim very smartly. Then there comes the role of information gathering process where they collect the maximum information about the victim. In this process your social media platforms(Instagram, Facebook, Snapchat, LinkedIn etc) helps them tell a lot about you, your likes /dislikes, your professional background, even your nature.These information are enough for a good social engineer to hack you. After gaining the most information, they choose the method of attack that could have more probability to be successful.

2.HOOK

The second phase is making connections with the victim. They will approach the victim with a very friendly nature and by spinning a story they will try their best to target your emotions and win your trust. The connection might be very small like helping someone at an office door and letting them in, however the connection might be a little long as a hacker may become your online friend over instagram. It all depends what kind of attack hacker is doing and also the method which is adopted.

3.PLAY

After making the successful connection, the hacker will execute the attack. Again depending upon the type of attack, execution will be in different forms. Like after winning the trust of the victim they convinced him to click on some link that seems to be malicious later. Thus taking out your sensitive data, your money and more is done under this process. For example if you let someone into your company, he will collect all the data of the company with him.

4.EXIT

The hack is incomplete for any hacker without deleting all traces of his hack. They will delete all interaction done with the victim. Covering each and every attack, they will remove all traces of malware and bring the charade to normal. After this everything would seem like nothing had happened.

“From Art to crime, the journey ends up in Jail :>”